Hence, a typical programmer only uses the engine classes to perform particular operations. You dont need to worry about the classes that actually perform the computation. The engine classes provide the primary interface to the security package. An administrator, meanwhile, needs to know only the name of the provider class so that she can ensure that the correct provider class is used.

8.1.1 Components of the Architecture

The architecture surrounding all of this has these components: Engine classes These classes come with the Java virtual machine as part of the core API. Algorithm classes At the basic level, there is a set of classes that implement particular algorithms for particular engines. A default set of these classes is provided by the supplier of the Java platform; other third−party organizations including your own can supply additional sets of algorithm classes. These classes may implement one or more algorithms for one or more engines; it is not necessary for a set of classes from a particular vendor to implement all possible algorithms or all possible engines. A single algorithm class provides a particular algorithm for a particular engine. The Provider class Each set of algorithm classes from a particular vendor is managed by an instance of the class Provider . A provider knows how to map particular algorithms to the actual class that implements the operation. The Security class The Security class maintains a list of the provider classes and consults each in turn to see which operations it supports. In later chapters, well look at the individual algorithms and engines of this architecture; for now, well discuss the Provider and Security classes. These two classes together make up the idea of a security provider. The security providers rely on cooperation between themselves and the rest of the Java security package in order to fulfill their purpose. The details of this cooperation are handled for us −− when we use the MessageDigest class to generate a digest, for example, its the responsibility of the MessageDigest class to ask the Security class which particular class to use to generate the digest. The Security class in turn asks each of the providers whether or not they can supply the desired digest. So a typical program that wants to use the security package does not interact directly with the security provider. Instead, the security provider is transparently useful to the programmer and to the end user. An end user, a system administrator, or a developer can configure the security provider; this is a result of the security provider being based on a set of provider classes. While there is a default provider class, the end user or system administrator can replace the default provider with another class. In addition, a user or programmer can augment the default provider class by adding additional provider classes. When the security package needs to perform an operation, it constructs a string representing that operation and asks the Security class for an object that can perform the operation with the given algorithm. For example, the idea of generating a message digest is represented by a particular engine; its name i.e., 124 MessageDigest is the first component in the request to the security provider. There can be many algorithms that can provide a message digest. SHA−1 and MD5 are the two most common, though well explore other possibilities when we look in depth at the corresponding classes that handle digests. So the name of the algorithm e.g., MD5 forms the second component of the string provided to the security class. These components are concatenated into a single string separated by a dot e.g., MessageDigest.MD5 . Seventeen cryptographic engines are supported by Suns security providers; there are implementations of at least one algorithm of each engine in one of Suns providers. The engines and the algorithms implemented by Sun are listed in Table 8−1. Version 1.3 comes with two security providers: Sun, the primary security provider, and SunRsaSign, which implements RSA algorithms. SunJCE is the provider that comes with the Java Cryptography Extension, and SunJSSE is the provider that comes with the Java Secure Sockets Extension. Engines that have an asterisk are JCE engines and have special deployment rules discussed later in this chapter. Table 8−1. Security Engines and Algorithms Engine Algorithm Name Provider AlgorithmParameterGenerator DiffieHellman SunJCE AlgorithmParameterGenerator DSA Sun AlgorithmParameters Blowfish SunJCE AlgorithmParameters DES SunJCE AlgorithmParameters DESede SunJCE AlgorithmParameters DiffieHellman SunJCE AlgorithmParameters DSA Sun AlgorithmParameters PBE SunJCE CertificateFactory X509 Sun Cipher Blowfish SunJCE Cipher DES SunJCE Cipher DESede SunJCE Cipher PBEWithMD5AndDES SunJCE Cipher PBEWithMD5AndTripleDES SunJCE KeyAgreement DiffieHellman SunJCE KeyFactory DiffieHellman SunJCE KeyFactory DSA Sun KeyFactory RSA SunJSSE KeyFactory RSA SunRsaSign KeyGenerator Blowfish SunJCE KeyGenerator DES SunJCE KeyGenerator DESede SunJCE KeyGenerator HmacMD5 SunJCE KeyGenerator HmacSHA1 SunJCE KeyManagerFactory SunX509 SunJSSE KeyPairGenerator DiffieHellman SunJCE KeyPairGenerator DSA Sun KeyPairGenerator RSA SunJSSE Chapter 8. Security Providers